2

Suppose the NSA through legal means, or a malware group through illegal means has access to enormous computational resources via a backdoor into all Microsoft Windows machines (or some significant subset of windows machines).

What percentage of https traffic could be reliably decrypted through brute force?

In other words, are there enough conventional computer chips in the world that, if networked together could break cryptography?

Similarly, could a popular app like facebook or WhatsApp utilize the client cpu to give them powers they wouldn't otherwise have with their own resources? Does this happen?

coder
  • 141
  • 2
  • 1
    https://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html - typical supernova releases something like 1051 ergs... If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states. – Hector Dec 06 '17 at 15:35
  • 1
    @schroeder - I disagree with this being opinion based. See my comment above - its easy enough to prove it would be impossible with modern crypto standards. – Hector Dec 06 '17 at 15:37
  • @Hector until you add in the quantum machines out there (there are a couple) then it becomes a guessing game – schroeder Dec 06 '17 at 16:00
  • @Hector and are you saying that 0% of https traffic could be decrypted via brute force? – schroeder Dec 06 '17 at 16:04
  • 1
    Assuming no quantum computing (and OP stated "Microsoft Windows machines" / additionally I'm not aware of any current quantum computer remotely close to being capable of breaking modern crypto / if it exists odds are intelligence agencies already have access making the question moot) then 0% of HTTPS traffic using unflawed encryption schemes with a key space of at least 200 bits. Considering most major browsers have disabled broken algorithms I would argue the percentage bruteforceable is close to zero / only really old systems that don't work with modern clients. – Hector Dec 06 '17 at 16:15
  • @schroeder - And yes I realise 128 bit keys are still fairly common but seeing as you would need the entire energy of the sun for 32 years just to iterate through a 192 bit counter in an idealised information storage system I'm willing to wager iterating a 128 bit counter in under a decade would require more than the combined computing power of every machine on the planet. – Hector Dec 06 '17 at 16:22
  • We already have numerous Qs on the infeasibility of bruteforcing modern crypto, see https://security.stackexchange.com/q/6141 https://security.stackexchange.com/q/61346 https://security.stackexchange.com/q/22905 OTOH backdooring Windows is an excellent way to steal/alter/forge data _without_ breaking any crypto; there are many Qs on that also. – dave_thompson_085 Dec 07 '17 at 01:12
  • Even with quantum computers, symmetric algorithms like AES are not hit nearly as hard as asymmetric ones like RSA. A symmetric algorithm is attacked by grover's algorithm on a quantum computer, and it reduces the effective keyspace to 2^(n/2), essentially weakening a 256 bit key and turning it into a 128 bit key, which is still extremely strong. – forest Dec 07 '17 at 02:21
  • Also note that https traffic is not attacked with "brute force". Since it uses asymmetric algorithms, it would typically be attacked with factorization. Brute force of a 4096 bit key would take 2^4096 operations, but factoring a 4096 bit key would take the equivalent of 2^192 operations. There are a bunch of answers elsewhere on this site that explain how asymmetric crypto is attacked. – forest Dec 07 '17 at 02:23

0 Answers0